Managing Policy for Coordinated Defense
Clifford Neuman - ISI/USC
Mar 24, 2004
Abstract
As currently deployed, computer security is implemented through a
collection of point defenses. Firewalls, VPNs, authentication
technologies, and authorization for application servers all use their
own policies, only occasionally administered centrally. In reality,
the organizational rules on which these defenses should base their
actions originate from many places, but changes to the end policies
often fail to implement such rules.
The authorization architecture developed as part of USC's DEFCN
effort, and on which Dr. Neuman's current research is based, allows
policies to originate from multiple sources. These policies express
more than just access policies (whether an action is allowed); they
specify what security services are to be applied when executing an
action and support new security actions such as adaptive audit. The
policies are communicated through multiple mechanisms, including
subscription, and by embedding them in authentication and
authorization credentials issued to users of the system. The DEFCN
architecture enables coordinated implementation of policies across a
wide range of defense mechanisms.
In this talk, Dr. Neuman will discuss activities at USC's Center for
Computer Systems Security in managing distributed policies for large
About the Speaker
Dr. Clifford Neuman is director of the Center for Computer Systems Security at the Information Sciences Institute (ISI) of the University of Southern California (USC), Associate Division Director of the Computer Networks Division at ISI, and a faculty member in the Computer Science Department at USC. Dr. Neuman earned a Bachelor's degree at the Massachusetts Institute of Technology and subsequently worked at Project Athena. He received M.S. and Ph.D. degrees from the University of Washington.
Dr. Neuman conducts research in distributed systems, computer security, and electronic commerce. He is the principal designer of the Kerberos authentication system and architected its use as a basis for distributed authorization. The Kerberos system has served as the basis for many commercial computer security products and, among other deployments, provides user authentication for Microsoft's Windows 2000 and Windows XP. Dr. Neuman also developed the NetCheque